Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique





















Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

SkyRecon Detects PDF Vulnerability

November 2008 by Vigil@nce

SkyRecon Systems announced that it has reported a vulnerability – CVE-2008-4814 – in the Adobe Acrobat PDF file format. The unpatched Adobe software contains an input validation issue in a JavaScript method that could potentially lead to unauthorised remote code execution – exploited simply by viewing the document online or through your standard email system. This vulnerability is exploitable on nearly any operating system that supports this open document standard.

Adobe PDF (Portable Document Format) is used globally to capture and view information from nearly any application on nearly any computer system. Established as a formal open standard ISO 32000, Adobe PDF has been designed to share information across multiple platforms with a high level of trust and reliability.

The vulnerability affects any operating system that allows the user to view or open a compromised PDF file. The collection of operating systems includes, but is not limited to, multiple versions of Microsoft Windows, Unix, and Linux. If exploited, the vulnerability could allow for unauthorised code execution, such as a Trojan, keylogger, password stealer, or other form of malware.

More information regarding the vulnerability can be found at CVE-2008-4814. Additional information regarding the patch from Adobe can be found at

http://www.adobe.com/support/security/bulletins/apsb08-19.html




See previous articles

    

See next articles